I've just made some important changes to the GPG support in Opkg, which
means it should now be quite usable.
A repository is signed by creating a detached signature on the Packages
file, to create Packages.sig. This is downloaded by opkg and used to
verify the Packages file.
opkg-key
--------
This is a utility taken straight from Debian (apt-key) which can be used
to install and remove public keys from the keychain. Keys are stored
in /etc/opkg, but I have also added an offline root option to opkg-key
to allow managing keys in an offline root. This should be useful when
building file system images.
Issues
------
Currently, when opkg imports the keys from /etc/opkg/trusted.gpg it
stores them in ~/.gnupg. I haven't found a way in gpgme to just import
the keys temporarily into the keychain.
Regards,
Thomas
--
OpenedHand Ltd.
Unit R Homesdale Business Center / 216-218 Homesdale Road /
Bromley / BR1 2QZ / UK Tel: +44 (0)20 8819 6559
Expert Open Source For Consumer Devices - http://o-hand.com/
------------------------------------------------------------